Using a "custom" user ID as opposed to the user's real, auto_incremented database ID in web applications ?

Question

I'm not sure about its terminology, but for http://www.somedomain.com/user/123456, the "custom user ID" I'm referring to is 123456. I have seen this on quite a lot of websites, in fact, even SO uses something similar. What I'm curious about is:

1. What are they ? - I guess they can't be the real, auto_incremented user ID from the database since it's always the same length and even if they would be padded, users that are supposed to have registered when the website was launched don't have low values like 000001 for example.

   By the way, is there any naming convention for this kind of ID ?

2. Why/when use them ? - What are the advantages in using such an ID as opposed to the actual database user ID, and when should they be used ?

   Also, why do some sites (like SO, for example) use them in combination with the username ?

3. What are good methods of generating them ? - Pretty self-explanatory I suppose, I'm interested in seeing what methods are you guys using.

Although I don't think the question is language-specific, and the language used wouldn't have too much influence on the answers, for the sake of the argument, suppose it's PHP and MySQL, but any examples are welcome.

Thanks in advance !

Answer 1

In the case of SO, indeed they are an incrementing numeric identifier. Watch the correlation between the numbers of SO users and their lifetime on the site.

• user 23199
• user 230354
• try using user 1 through 50 to see what happens. Some are non-existent, the smallest are the admins.

Let's go with your example though, of a system where the number was NOT the identifier. Let's say the system was designed with enough digits to accommodate enough users. Let's say it's fixed at 10 digits, and zero-padded.

I suspect sites (SO, for example,) use a URL with a combo of user number and name for SEO purposes, and nothing special. The username really is decoration, whereas the ID is meaningful. It's a unique ID, whereas the username is not forced to be unique.

Ask yourself if guessing numbers is desirable or not. A user based system where the number is out in the open is fine, but banking or health care systems would be less ideal.

Generating a unique number is fairly easy. Given the fixed 10 digits, we could assign numbers to new users sequentially, or randomly at the data layer. Usually the database should handle the auto-incrementing because its counter is much better at dealing with finding 'next in sequence' when 2 requests come in at once.

--next in sequence
SELECT MAX(CustomID)+1 FROM Users

Some RDBMS tables can be created to use the ID as a seed, or run through a formula. - i.e. the CustomID is seeded 1000 higher than the PK ID. So ID 450 has a CustomID of 1450. A simple example, but you can see how the formula would work.

• Take the server datetime in ticks.
• Perhaps find something unique about each user - how about the user's MAC address converted to a number? Cheesy.

Go beyond numbers, and uniquely identify users with GUIDs, perhaps. Those URLs won't be easy to type or remember, so they're typically used when that's not a design goal, or SEO isn't important.